Meet Julie Cullivan. She is SVP for Business Operations and CIO at FireEye, one of the very young security companies that has not only grabbed media’s attention but also has created ripples in the security space with its core expertise in advanced threats detection. She is in charge of company’s business operations, where her task is to improve efficiencies across the organization and manage the sales operations and new business offerings teams, and also integration management office. Besides, she oversees all business application services, infrastructure services, lab operation services, and information security.

Cullivan has over two decades of diverse work experience. In past she held top positions at different software and security companies including Autodesk, EMC, Asera, Oracle and McAfee. In 2015, SC magazine named her in the list of the Top 10 Power Players in their second annual Women in IT Security edition.

While Cullivan has successfully made her way into the highly male dominated world of technology leaders and CIOs, but she strongly desires to see more women leaders in the technology domain in the future.

Edited excerpts of the interview…

Q1. What’s your advice to CIOs and CISOs when it comes to adopting or planning a security strategy for their respective organizations?We recommend that companies, CIOs and CISOs can actually start with an idea of how secure the organization needs to be because different companies have different to security measures they might need to look at --some companies might have to be concerned about nation-state, other companies might have to look more at advance risk area. So I think, part of it is assessing is where you want to be and then doing a detailed review where you are currently. And so asking tough questions about who might be targeting us or already have been compromised in some ways and than starting to build a security program from there.

So understand where you are today and where you want to get to because every company is slightly on a different spectrum of that security maturity model and it really starts with the understanding of what’s the most critical things in our organization that needs to protect – what would be the most risky of piece data, source code, etc., that if were to get compromised could be detrimental to our organization and than sort of prioritize and secure those important things first and foremost.

Q2. FireEye has been advocating an adaptive security model as a defense against revenge cyber hacking and other cyber crimes. So can you explain what this adaptive security model is all about?When we talk of adaptive security defense model, a part of that adaptive defense model is around technology which we provide to organizations - protecting anywhere from the network to all the way to the endpoints, making sure you have the technology that needs to put the right security and controls in place.

But we realized that technology alone is not going to solve those problems, so we have lot of offerings around intelligence – we provide contextual intelligence that goes anything from whom might behind the attack to all the other things in the environment that you need to go and look for based on behaviors we have seen historically. So it’s that intelligence piece that is very important.

And than there is the expertise layer and that can come in different forms. One is that we have a consulting organization that come in and do proactive or reactive consulting services for a company and we also have FireEye as a service, which allows you to leverage our technology and have our FireEye as a service organization monitor proactively, hunt in your environment, look for compromise and all that kind of stuff, so it really becomes extension of your security operation around the advanced threats that’s out there.

The reason we call adaptive defense is because you are not going to implement all those things but it allows you to do based on your own sort of security maturity model and how you are trying to go about it. Is it that you need to get better technology controls in place, is it that now you are ready to move to some more proactive security programs and move into some need assessment plans or you have proactive response plans, should something happen.

Or is it where you are seeing some problem but don’t have enough intelligence on the problem and would need more intelligence in order to do the right analysis and right response on these things. So the idea is trying to see where you might have the biggest problem. For instance, if you are concerned about spear fishing and email attacks, than we can give an opportunity to go solve that problem but over time we want to see you implement our email intelligence led security platform because we think that’s real value in our connected platform.

Q3. What’s your take on Indian enterprises, CIOs and CISOs in terms of overall security threat landscape compared to other geographies and matured markets? I see there’s continuous more and more awareness around this advanced threat piece but I don’t think people have realized it as security issue. But I think the threat landscape has changed, the advanced threat landscape is very different than it was once and have seen lot of recognition of that in projects that have been kicked-off and able to go and work on problems now.

I would say is this in the US because of lot of compliance, disclosures and high-profile breaches; I think they are ahead in terms of addressing this as part of their security roadmap and budgets. I think in Europe, we see a mix – some countries are much more concerned about threats and are able to leverage FireEye’s technology to able to reduce threats in those areas. But in other parts of Europe, where they still have not felt as like it as their biggest priority.

What I have seen in this market (India) as we have been building out of this market over past few years, I think we are seeing more and more intention on this problem from Indian customers whether they are reinforced to disclose or not, they do recognize that there’s a huge reputational risk, if something did happen and if it’s of large scale. Yes there were things that did drove acceleration around this problem in other markets but as per my perception, I think it’s on the radar here in some of the large companies for sure.

Q4. How much competition FireEye is facing today on the advanced threat landscape than in the past?I think we have definitely seen other players start to tell a better story around the advanced threat. But there was a time when FireEye was clearly the solution for advanced threat and we did not really have anyone that can compete on these unknown threats.

And signature based wasn’t going to work and solve this problem and; we were the first company to come out and really solve that problem of unknown threats using right co-relations and say that it looks like there might be a problem here and we might able to address that.

I think overtime, yes we have seen bit more competition but I think that was back how we needed to continue differentiate ourselves better around our intelligence story and around the services that we provide around this advanced threats problem. So yes we have seen bit more competition but we still think we are highly differentiated due to our intelligence and service offerings.

Q5. How challenging it is to be a CIO of a security company which is very young and aggressive in its approach?We are a high-profile company in the security space; therefore there are a lot of bad actors that would be very interested in potentially targeting us so I think we take the same approach that we advise to any other company -- where are our crown jewels as an organization and make sure we come up with a right security strategy around that.

And I also think that I do benefit from the fact that I m part of a security company, so I got some built-in support from the executive team and board to make sure that we are looking at the security postures routinely and making sure we are adjusting it where necessary. So one thing that I have learned is that you need to make sure you implement the right programs and controls but more importantly got to be assessing against it all the time – you cannot think you are ever done and so you continuously need to be looking for other gaps and addressing it.

I think we very much drink our own champagne in terms of not just technology but the services we provide to make sure we are proactive as we can be about the security posture of the organization is able to respond if there were to be a problem.

Q6. What’s your take on the far low number of women CIOs compared to male CIOs in India and other parts of the world?Surprisingly it’s very much the same in the US wherein, you don’t see many women particularly in the lead technology, engineering and CIO roles. I actually think it starts early in women’s career when they make decisions about whether they want to go for that or have other priorities. I have a take that there’s not enough of investment in young women in terms of technology, education but more important supporting them do leadership roles in organizations.So I think it’s definitely not just a situation in India, it’s more broad than that. We have not made technology an area where people really want to focus on and grow, so I think there’s a huge opportunity in this area.

And also I think that as women, we need to be more proactive about raising hand and say that this is what I want. Sometimes we let go by saying that I m a woman or it’s a male dominated world psyche than we can’t do much. I think we need to investment a lot more very early in young women’s schooling and education and start saying that is viable sort of opportunities for you in terms of career. So I like to see that change overtime for sure.

Subscribe ETCIO Newsletter

As the Special Chief Secretary & IT Advisor to the Chief Minister - Govt. of Andhra Pradesh, J A Chowdary is all for chasing new growth horizons, pursuing radically different development approaches and outguessing technology trends that will shape the future.

As the Special Chief Secretary & IT Advisor to the Chief Minister - Govt. of Andhra Pradesh, J A Chowdary is all for chasing new growth horizons, pursuing radically different development approaches and outguessing technology trends that will shape the future.